Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 312

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.

Please click Here to read the full story.
 
Other Top and Latest Questions:
Rivian raises 2026 delivery outlook while Lucid misses Wall Street expectations for second quarter
AI agents will soon be able to match human traders, Robinhood CEO tells CNBC
Stock market gains minted nearly 1 million new millionaires in 2025, new UBS report says
Anthologies of short stories with the same title?
Ford CEO wants level playing field with Toyota, GM imports as USMCA trade talks reopen
What's the Frequency? Recommend me some radio!
Special Event: 2026 Tour de France
Special Event: 2026 World Cup Knockouts: Octavofinals
Sudden unplanned miniature birthday vacation near Brussels?
My bra keeps touching me. It's too hot for this.